Hackers could crash Cisco IP phones


Hackers could crash Cisco IP phones

Antony Savvas

A software flaw in Cisco voice over IP phones could allow hackers to crash them.

The problem has been reported by the UK’s National Infrastructure Security Co-ordination Centre (NISCC) and Cisco is issuing patches to solve the problem.

A DNS (domain name system) protocol vulnerability affects the client software in the phones. DNS handles the translation of domain names into IP addresses via DNS servers across the internet to perform the translation.

The system is designed to ensure that IP packets arrive at their proper destinations at the right time.

However, the information necessary to perform the process is often compressed, and the NISCC said remote hackers could insert specially crafted DNS packets containing invalid information into the compressed section of the message, causing the IP phones to malfunction or crash. 

Affected products include Cisco's 7902/7905/7912 IP phones, the Cisco ATA (analogue telephone adaptor) 186/188, and several Cisco Unity Express and Cisco ACNS (application and content networking system) devices.

Cisco is not the only supplier to use the DNS translation system in its IP phones.

NISCC policy is to post information on known vulnerabilities affecting specific suppliers. It adds other suppliers to the listing once it is confirmed their kit is affected too.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy